Can you offer tips for keeping social media accounts and activity secure and compliant?
Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
The first thing you should remember when considering social media security is that everything said on social media is inherently public. You should plan to follow the same guidelines you use for any release of public information when considering a social media presence. The news is full of organizations that have been burned when someone with access to a corporate social media account posted offensive content, intentionally or accidentally, to the organization's feed.
Next, carefully control the passwords to your social media accounts. Make sure that each account is protected with a strong password and that the password is known only to a very small number of individuals. Unfortunately, most social media services are set up in a consumer-oriented fashion and do not have advanced access controls that allow delegation of posting authority, etc. If you need to grant multiple people access to your account, consider using a third-party service that mediates access without requiring shared passwords.
Finally, use common sense when it comes to social media and compliance requirements. Obviously, social media should never be used for credit card processing or to exchange other sensitive information. Publicly traded companies should also be aware of their obligations under Securities and Exchange Commission (SEC) information disclosure regulations. The CEOs of Twitter and Zipcar both recently learned this the hard way when they ran afoul of Regulation Fair Disclosure by posting information to their social media accounts, which had not been filed with the SEC in advance. Information security managers may not have a lot of direct control over what their CEOs do on social media or otherwise, but it's wise to at least do your best to incorporate dos and don'ts into the organization's social media security and compliance best practices policy.
Dig Deeper on Social media security risks and real-time communication security
Related Q&A from Mike Chapple
The OWASP Top Ten list is not a compliance standard but a set of best practices for enterprises looking to boost Web app security. Here's how to get ...continue reading
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best ...continue reading
Tokenization technology can be confusing. Expert Mike Chapple explains what the difference is between two types of tokens and how tokenization can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.